Threat Update: Dorkbot and OpenSSL Update

Dorkbot Advisory

The Dorkbot botnet is used to steal online payment information, support denial of service (DDos) attacks and deliver malware. Microsoft has confirmed that this family of malware has infected more than one million computers in over 190 countries this year.

The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and Microsoft, have released the Technical Alert below to provide further information about Dorkbot. Please review the advisory below:

A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users’ credentials for online services, including banking services.

Solution

Users are advised to take the following actions to remediate Dorkbot infections:

Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. Even though Dorkbot is designed to evade detection, security companies are continuously updating their software to counter these advanced threats. Therefore, it is important to keep your anti-virus software up-to-date. If you suspect you may be a victim of Dorkbot, update your anti-virus software definitions and run a full-system scan. (See Understanding Anti-Virus Software for more information.)

Change your passwords – Your original passwords may have been compromised during the infection, so you should change them. (See Choosing and Protecting Passwords for more information.)

Keep your operating system and application software up-to-date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. You should enable automatic updates of the operating system if this option is available. (See Understanding Patches for more information.)

Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (see example below) to help remove Dorkbot from their systems.

Disable Autorun­ – Dorkbot tries to use the Windows Autorun function to propagate via removable drives (e.g., USB flash drive). You can disable Autorun to stop the threat from spreading.

Herjavec Group circulates US – Cert advisories as this notification warrants attention and may have significance to your Enterprise network environment. If the following advisory is applicable to your environment, Herjavec Group recommends your IT team review the technical details included and monitor your environment for any susceptible systems. Herjavec Group’s analysts are working with applicable vendor partners to apply detection and mitigration strategies where appropriate. For Managed Services customers, our Managed Services team will engage with the appropriate technical contacts in your respective organizations directly to provide alerts, escalations, actions and or reports based our service agreement with you. If you have questions or concerns, please engage your Herjavec Group account representative directly or contact Herjavec Group.

Stay Informed

Follow us on Twitter

Connect with us on LinkedIn

Subscribe to Herjavec Group News

Mailing List *

Threat Advisories

Information on Upcoming Events

Industry News & Thought Leadership

First Name *

Last Name *

Email *

*By selecting one of the communications above, you consent to Herjavec Group sending commercial electronic messages to you for marketing purposes, including information about the products, services and events selected.